Security gap in widely used chips: Android users need to be careful!

The chip manufacturer Qualcomm warns of a so-called “zero-day” security gap. A whole range of Android smartphones are affected – potentially millions of users, as “Techcrunch” reports.

A “zero-day” vulnerability is a gap that is previously unknown to the hardware or software manufacturer and for which there is therefore no immediate patch to fix it. This gives the manufacturer the eponymous “zero days” to release a patch.

In plain language this means: Until the manufacturer finds out about the gap, attacks are possible or have already been carried out. Qualcomm calls the current vulnerability CVE-2024-43047 a “limited, targeted exploitation”. Consumers should contact the manufacturer of their smartphones regarding any security patches, the company writes.

Security experts from Google and Amnesty discovered the vulnerability

Google’s threat analysis team drew attention to the vulnerability. The security laboratory of the non-profit organization Amnesty International also pointed out the vulnerability, according to “Techcrunch”, and even the US cybersecurity agency CISA listed the vulnerability of the Qualcomm chips.

Unfortunately, there are hardly any details about who exploited this vulnerability and exactly which users were targeted by cybercriminals. Qualcomm itself refers to the Google team and Amnesty’s security laboratory for further details about the actual, real threat posed by the vulnerability.

Qualcomm’s flagship chip is also affected

After all: The chip manufacturer itself explained that there have been patches for customers since September. However, the smartphone manufacturers themselves, as customers of the group, would now have to take measures and provide these patches to the users of the devices.

Specifically, there are 64 different chips with this vulnerability, including the flagship processor Snapdragon 8. This is installed in numerous devices, including Samsung, OnePlus, Xiaomi, Oppo, ZTE and Motorola.

So protect yourself as consumers from such vulnerabilities

At least in theory, millions of users could be affected. However, the analyzes by Google and Amnesty refer to “limited exploitation” – which means that certain individuals are actually more likely to be targeted by hackers, rather than the general public.

Nevertheless, I recommend that everyone who uses such a device now check whether there has been an important security update. In addition, the risk of becoming a target of criminals due to the vulnerability can be prevented with further measures – for example, by only downloading and using trustworthy apps, users only surfing on secure WiFi connections and with important accounts, for example online banking , use two-factor authentication.

Other interested readers also: